freeradius: updated to 3.2.8
FreeRADIUS 3.2.8 Wed 20 Aug 2025 12:00:00 UTC urgency=low
Configuration changes
* Replace dictionary.infinera with the correct one.
* Update dictionary.alteon
Feature improvements
* Add support for automated fuzzing. This doesn't affect
normal operations, but it does allow for testing of the
RADIUS decoder.
* Allow tagged attributes to use ":V" as a tag in some cases.
The tag is then read from the value which is being assigned
to the attribute. This functionality is allowed in 'update'
sections, including 'update' in module configurations.
See mods-available/ldap for an example.
* Add kafka module. See mods-available/kafka.
* Allow &control:Packet-SRC-IP-Address to be used when
proxying needs a given source address.
[47 lines not shown]
samba4: updated to 4.24.2
Changes since 4.24.1
* BUG 16038: Samba 4.24 with cups can't get queue and shows errors about
fetch_share_cache_time
* BUG 16043: Fix a directory file descriptor leak in vfs_glusterfs that
caused unbounded memory growth on the GlusterFS brick with
persistent SMB2 connections.
* BUG 16030: Windows Offline Files fails with permission error when directory
has the readâonly attribute set
* BUG 15991: samba not triggering mount of zfs snapshot in dataset
.zfs/snapshots/<snapname> directory
* BUG 15999: net ads join still fails with multiple DCs
* BUG 16076: samba-tool shows wrong format specifiers for timestamp
attributes
* BUG 14638: restrict anonymous = 2 breaks RODC functionality
* BUG 15973: smbpasswd can crash winbindd on an AD DC
* BUG 15995: smbd does not cleanup on disconnect of the transport connection
on lease break errors
[9 lines not shown]
qtcreator: updated to 19.0.1
Qt Creator version 19.0.1 contains bug fixes.
General
Fixed
* That preferences for newly enabled plugins were only available after restart
* Various issues with marking the `Preferences` as dirty
* A possible crash when opening the `About Qt Creator` dialog multiple times
* That using the keyboard shortcut for `Advanced Find` did not raise the search
widget
* Model Context Protocol
* A crash when using the `quit` action
Editing
Fixed
[16 lines not shown]
gsed: update to 4.10.
* Noteworthy changes in release 4.10 (2026-04-21) [stable]
** Bug fixes
sed 's/a/b/g' (and other global substitutions) now works on input
lines longer than 2GB. Previously, matches beyond the 2^31 byte offset
would evoke a "panic" (exit 4).
[bug present since the beginning]
'sed --follow-symlinks -i' no longer has a TOCTOU race that could let
an attacker swap a symlink between resolution and open, causing sed to
read attacker-chosen content and write it to the original target.
[bug introduced in sed 4.1e]
sed no longer falsely matches when back-references are combined with
optional groups (.?) and the $ anchor. For example, this no longer
falsely matches the empty string at beginning of line:
[49 lines not shown]
nist_hash_drbg: Fix citation to standard.
- Note that it's Rev. 1.
- Provide a URL.
- Link also to the test vectors.
- And link to an archive of the test vectors, just in case.
virtio(4): Allow virtio 0.9 BAR0 type to be memory rather than I/O.
This matches virtio>=1.0, and can't break working `hardware': any
existing virtio devices that worked must have reported I/O-type BAR0,
so they will continue to work; this will only enable previously
unusable virtio devices, reporting memory-type BAR0, to work.
Patch from Petri Koistinen.
PR kern/60247: virtio(4): legacy attach fails when BAR0 is MMIO
math/py-numpy: Tweak workaround for missing log2l/log1pl/expm1l.
1. Put it in npy_math.c as needed by _umath_linalg.so.
2. Limit it to NetBSD<10, since NetBSD>=10 has at least stubs (just
like this workaround implements, in terms of double functions) if
not proper long double implementations (NetBSD>=11).
Fixes:
>>> import numpy
...
ImportError: /home/riastradh/pkgsrc/current/pkg/lib/python3.11/site-packages/numpy/linalg/_umath_linalg.so: Undefined PLT symbol "log1pl" (symnum = 20)
PR pkg/60256: devel/py-numpy: log1pl workaround no longer works around
sysutils/lima: update to version 2.1.1
The default docker template still does not boot on my NetBSD host, but
the docker.lima wrapper worked for me just fine when using debian-13
instead, and installing docker.io there.
Tested on NetBSD/amd64.
Changes since version 2.1.0:
* Binary release:
- Add Windows artifacts (#4789)
* macOS guest:
- Allow unusual range of UID (#4171, thanks to @balajiv113)
* vz:
- Honor audio.device=none (#4762, thanks to @BizerNotNull)
* nerdctl:
- Update from v2.2.1 to v2.2.2 (#4787)
. This release of the nerdctl distribution updates BuildKit
[59 lines not shown]
p5-YAML-Syck: update to 1.45.
1.45 Apr 23 2026
[Bug Fixes]
- Fix: use syck_base64_free() to fix Windows "Free to wrong pool" crash
in base64 encode/decode buffers; also plugs a memory leak (PR #189)
- Fix: clear type tag on blessed scalar alias early-return so the stale
tag no longer leaks onto the next emitted item (GH #193, PR #194)
- Fix: negative float#base60 values produce wrong results; strip sign
before accumulating and avoid negative zero for portable
stringification (PR #191)
- Fix: prevent memory leaks when Load/LoadJSON croak on parse errors
(PR #192)
[Maintenance]
- Test: add coverage for SortKeys and JSON MaxDepth (PR #188)
- Test: add error handling coverage for LoadFile/DumpFile (PR #190)
- Update README
[149 lines not shown]
p5-libwww: update to 6.83.
6.83 2026-05-12 11:41:48Z
- LWP::UserAgent now strips Authorization and Proxy-Authorization headers
on cross-origin redirects (a different scheme, host, or port) to prevent
credential leakage to the redirect target. Same-origin redirects retain
credentials. Opt out with allow_credentialed_redirects => 1.
CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig
Palmquist.
- LWP::UserAgent now refuses https to http redirects by default to prevent
leaking remaining request headers and bodies over plaintext. Opt in with
allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by
Stig Palmquist.
